[Glibc-bsd-commits] r2194 - in trunk/freebsd-utils: . debian net
ps-guest at alioth.debian.org
ps-guest at alioth.debian.org
Tue Jun 24 08:31:55 UTC 2008
Author: ps-guest
Date: 2008-06-24 08:31:54 +0000 (Tue, 24 Jun 2008)
New Revision: 2194
Added:
trunk/freebsd-utils/net/
trunk/freebsd-utils/net/if.h
trunk/freebsd-utils/pf_ruleset.c
Removed:
trunk/freebsd-utils/debian/pf_ruleset.c
Modified:
trunk/freebsd-utils/debian/rules
Log:
* allow building also against current glibc
Deleted: trunk/freebsd-utils/debian/pf_ruleset.c
===================================================================
--- trunk/freebsd-utils/debian/pf_ruleset.c 2008-06-24 08:30:45 UTC (rev 2193)
+++ trunk/freebsd-utils/debian/pf_ruleset.c 2008-06-24 08:31:54 UTC (rev 2194)
@@ -1,502 +0,0 @@
-
-/*-
- * Copyright (c) 2004 Ted Unangst and Todd Miller
- * All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $
- */
-
-#include <sys/cdefs.h>
-/* __FBSDID("$FreeBSD: src/lib/libc/stdlib/strtonum.c,v 1.2 2006/03/14 19:53:03 ache Exp $"); */
-
-
-#include <errno.h>
-#include <limits.h>
-#include <stdlib.h>
-
-#define INVALID 1
-#define TOOSMALL 2
-#define TOOLARGE 3
-
-long long
-strtonum(const char *numstr, long long minval, long long maxval,
- const char **errstrp)
-{
- long long ll = 0;
- char *ep;
- int error = 0;
- struct errval {
- const char *errstr;
- int err;
- } ev[4] = {
- { NULL, 0 },
- { "invalid", EINVAL },
- { "too small", ERANGE },
- { "too large", ERANGE },
- };
-
- ev[0].err = errno;
- errno = 0;
- if (minval > maxval)
- error = INVALID;
- else {
- ll = strtoll(numstr, &ep, 10);
- if (errno == EINVAL || numstr == ep || *ep != '\0')
- error = INVALID;
- else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
- error = TOOSMALL;
- else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
- error = TOOLARGE;
- }
- if (errstrp != NULL)
- *errstrp = ev[error].errstr;
- errno = ev[error].err;
- if (error)
- ll = 0;
-
- return (ll);
-}
-
-
-
-
-/* $OpenBSD: pf_ruleset.c,v 1.1 2006/10/27 13:56:51 mcbride Exp $ */
-
-/*
- * Copyright (c) 2001 Daniel Hartmeier
- * Copyright (c) 2002,2003 Henning Brauer
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * - Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- * Effort sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F30602-01-2-0537.
- *
- */
-
-
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <bsd/string.h>
-#ifdef _KERNEL
-# include <sys/systm.h>
-#endif /* _KERNEL */
-
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/ip.h>
-#include <netinet/tcp.h>
-
-#include <net/if.h>
-#include <net/pfvar.h>
-
-#ifdef INET6
-#include <netinet/ip6.h>
-#endif /* INET6 */
-
-
-#ifdef _KERNEL
-# define DPFPRINTF(format, x...) \
- if (pf_status.debug >= PF_DEBUG_NOISY) \
- printf(format , ##x)
-#ifdef __FreeBSD_kernel__
-#define rs_malloc(x) malloc(x, M_TEMP, M_NOWAIT)
-#else
-#define rs_malloc(x) malloc(x, M_TEMP, M_WAITOK)
-#endif
-#define rs_free(x) free(x, M_TEMP)
-
-#else
-/* Userland equivalents so we can lend code to pfctl et al. */
-
-# include <arpa/inet.h>
-# include <errno.h>
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-# define rs_malloc(x) malloc(x)
-# define rs_free(x) free(x)
-
-# ifdef PFDEBUG
-# include <sys/stdarg.h>
-# define DPFPRINTF(format, x...) fprintf(stderr, format , ##x)
-# else
-# define DPFPRINTF(format, x...) ((void)0)
-# endif /* PFDEBUG */
-#endif /* _KERNEL */
-
-
-struct pf_anchor_global pf_anchors;
-struct pf_anchor pf_main_anchor;
-
-#ifndef __FreeBSD_kernel__
-/* XXX: hum? */
-int pf_get_ruleset_number(u_int8_t);
-void pf_init_ruleset(struct pf_ruleset *);
-int pf_anchor_setup(struct pf_rule *,
- const struct pf_ruleset *, const char *);
-int pf_anchor_copyout(const struct pf_ruleset *,
- const struct pf_rule *, struct pfioc_rule *);
-void pf_anchor_remove(struct pf_rule *);
-#endif
-
-static __inline int pf_anchor_compare(struct pf_anchor *, struct pf_anchor *);
-
-RB_GENERATE(pf_anchor_global, pf_anchor, entry_global, pf_anchor_compare);
-RB_GENERATE(pf_anchor_node, pf_anchor, entry_node, pf_anchor_compare);
-
-static __inline int
-pf_anchor_compare(struct pf_anchor *a, struct pf_anchor *b)
-{
- int c = strcmp(a->path, b->path);
-
- return (c ? (c < 0 ? -1 : 1) : 0);
-}
-
-int
-pf_get_ruleset_number(u_int8_t action)
-{
- switch (action) {
- case PF_SCRUB:
- case PF_NOSCRUB:
- return (PF_RULESET_SCRUB);
- break;
- case PF_PASS:
- case PF_DROP:
- return (PF_RULESET_FILTER);
- break;
- case PF_NAT:
- case PF_NONAT:
- return (PF_RULESET_NAT);
- break;
- case PF_BINAT:
- case PF_NOBINAT:
- return (PF_RULESET_BINAT);
- break;
- case PF_RDR:
- case PF_NORDR:
- return (PF_RULESET_RDR);
- break;
- default:
- return (PF_RULESET_MAX);
- break;
- }
-}
-
-void
-pf_init_ruleset(struct pf_ruleset *ruleset)
-{
- int i;
-
- memset(ruleset, 0, sizeof(struct pf_ruleset));
- for (i = 0; i < PF_RULESET_MAX; i++) {
- TAILQ_INIT(&ruleset->rules[i].queues[0]);
- TAILQ_INIT(&ruleset->rules[i].queues[1]);
- ruleset->rules[i].active.ptr = &ruleset->rules[i].queues[0];
- ruleset->rules[i].inactive.ptr = &ruleset->rules[i].queues[1];
- }
-}
-
-struct pf_anchor *
-pf_find_anchor(const char *path)
-{
- struct pf_anchor *key, *found;
-
- key = (struct pf_anchor *)rs_malloc(sizeof(*key));
- memset(key, 0, sizeof(*key));
- strlcpy(key->path, path, sizeof(key->path));
- found = RB_FIND(pf_anchor_global, &pf_anchors, key);
- rs_free(key);
- return (found);
-}
-
-struct pf_ruleset *
-pf_find_ruleset(const char *path)
-{
- struct pf_anchor *anchor;
-
- while (*path == '/')
- path++;
- if (!*path)
- return (&pf_main_ruleset);
- anchor = pf_find_anchor(path);
- if (anchor == NULL)
- return (NULL);
- else
- return (&anchor->ruleset);
-}
-
-struct pf_ruleset *
-pf_find_or_create_ruleset(const char *path)
-{
- char *p, *q, *r;
- struct pf_ruleset *ruleset;
-#ifdef __FreeBSD_kernel__
- struct pf_anchor *anchor = NULL, *dup, *parent = NULL;
-#else
- struct pf_anchor *anchor, *dup, *parent = NULL;
-#endif
-
- if (path[0] == 0)
- return (&pf_main_ruleset);
- while (*path == '/')
- path++;
- ruleset = pf_find_ruleset(path);
- if (ruleset != NULL)
- return (ruleset);
- p = (char *)rs_malloc(MAXPATHLEN);
- bzero(p, MAXPATHLEN);
- strlcpy(p, path, MAXPATHLEN);
- while (parent == NULL && (q = strrchr(p, '/')) != NULL) {
- *q = 0;
- if ((ruleset = pf_find_ruleset(p)) != NULL) {
- parent = ruleset->anchor;
- break;
- }
- }
- if (q == NULL)
- q = p;
- else
- q++;
- strlcpy(p, path, MAXPATHLEN);
- if (!*q) {
- rs_free(p);
- return (NULL);
- }
- while ((r = strchr(q, '/')) != NULL || *q) {
- if (r != NULL)
- *r = 0;
- if (!*q || strlen(q) >= PF_ANCHOR_NAME_SIZE ||
- (parent != NULL && strlen(parent->path) >=
- MAXPATHLEN - PF_ANCHOR_NAME_SIZE - 1)) {
- rs_free(p);
- return (NULL);
- }
- anchor = (struct pf_anchor *)rs_malloc(sizeof(*anchor));
- if (anchor == NULL) {
- rs_free(p);
- return (NULL);
- }
- memset(anchor, 0, sizeof(*anchor));
- RB_INIT(&anchor->children);
- strlcpy(anchor->name, q, sizeof(anchor->name));
- if (parent != NULL) {
- strlcpy(anchor->path, parent->path,
- sizeof(anchor->path));
- strlcat(anchor->path, "/", sizeof(anchor->path));
- }
- strlcat(anchor->path, anchor->name, sizeof(anchor->path));
- if ((dup = RB_INSERT(pf_anchor_global, &pf_anchors, anchor)) !=
- NULL) {
- printf("pf_find_or_create_ruleset: RB_INSERT1 "
- "'%s' '%s' collides with '%s' '%s'\n",
- anchor->path, anchor->name, dup->path, dup->name);
- rs_free(anchor);
- rs_free(p);
- return (NULL);
- }
- if (parent != NULL) {
- anchor->parent = parent;
- if ((dup = RB_INSERT(pf_anchor_node, &parent->children,
- anchor)) != NULL) {
- printf("pf_find_or_create_ruleset: "
- "RB_INSERT2 '%s' '%s' collides with "
- "'%s' '%s'\n", anchor->path, anchor->name,
- dup->path, dup->name);
- RB_REMOVE(pf_anchor_global, &pf_anchors,
- anchor);
- rs_free(anchor);
- rs_free(p);
- return (NULL);
- }
- }
- pf_init_ruleset(&anchor->ruleset);
- anchor->ruleset.anchor = anchor;
- parent = anchor;
- if (r != NULL)
- q = r + 1;
- else
- *q = 0;
- }
- rs_free(p);
- return (&anchor->ruleset);
-}
-
-void
-pf_remove_if_empty_ruleset(struct pf_ruleset *ruleset)
-{
- struct pf_anchor *parent;
- int i;
-
- while (ruleset != NULL) {
- if (ruleset == &pf_main_ruleset || ruleset->anchor == NULL ||
- !RB_EMPTY(&ruleset->anchor->children) ||
- ruleset->anchor->refcnt > 0 || ruleset->tables > 0 ||
- ruleset->topen)
- return;
- for (i = 0; i < PF_RULESET_MAX; ++i)
- if (!TAILQ_EMPTY(ruleset->rules[i].active.ptr) ||
- !TAILQ_EMPTY(ruleset->rules[i].inactive.ptr) ||
- ruleset->rules[i].inactive.open)
- return;
- RB_REMOVE(pf_anchor_global, &pf_anchors, ruleset->anchor);
- if ((parent = ruleset->anchor->parent) != NULL)
- RB_REMOVE(pf_anchor_node, &parent->children,
- ruleset->anchor);
- rs_free(ruleset->anchor);
- if (parent == NULL)
- return;
- ruleset = &parent->ruleset;
- }
-}
-
-int
-pf_anchor_setup(struct pf_rule *r, const struct pf_ruleset *s,
- const char *name)
-{
- char *p, *path;
- struct pf_ruleset *ruleset;
-
- r->anchor = NULL;
- r->anchor_relative = 0;
- r->anchor_wildcard = 0;
- if (!name[0])
- return (0);
- path = (char *)rs_malloc(MAXPATHLEN);
- bzero(path, MAXPATHLEN);
- if (name[0] == '/')
- strlcpy(path, name + 1, MAXPATHLEN);
- else {
- /* relative path */
- r->anchor_relative = 1;
- if (s->anchor == NULL || !s->anchor->path[0])
- path[0] = 0;
- else
- strlcpy(path, s->anchor->path, MAXPATHLEN);
- while (name[0] == '.' && name[1] == '.' && name[2] == '/') {
- if (!path[0]) {
- printf("pf_anchor_setup: .. beyond root\n");
- rs_free(path);
- return (1);
- }
- if ((p = strrchr(path, '/')) != NULL)
- *p = 0;
- else
- path[0] = 0;
- r->anchor_relative++;
- name += 3;
- }
- if (path[0])
- strlcat(path, "/", MAXPATHLEN);
- strlcat(path, name, MAXPATHLEN);
- }
- if ((p = strrchr(path, '/')) != NULL && !strcmp(p, "/*")) {
- r->anchor_wildcard = 1;
- *p = 0;
- }
- ruleset = pf_find_or_create_ruleset(path);
- rs_free(path);
- if (ruleset == NULL || ruleset->anchor == NULL) {
- printf("pf_anchor_setup: ruleset\n");
- return (1);
- }
- r->anchor = ruleset->anchor;
- r->anchor->refcnt++;
- return (0);
-}
-
-int
-pf_anchor_copyout(const struct pf_ruleset *rs, const struct pf_rule *r,
- struct pfioc_rule *pr)
-{
- pr->anchor_call[0] = 0;
- if (r->anchor == NULL)
- return (0);
- if (!r->anchor_relative) {
- strlcpy(pr->anchor_call, "/", sizeof(pr->anchor_call));
- strlcat(pr->anchor_call, r->anchor->path,
- sizeof(pr->anchor_call));
- } else {
- char *a, *p;
- int i;
-
- a = (char *)rs_malloc(MAXPATHLEN);
- bzero(a, MAXPATHLEN);
- if (rs->anchor == NULL)
- a[0] = 0;
- else
- strlcpy(a, rs->anchor->path, MAXPATHLEN);
- for (i = 1; i < r->anchor_relative; ++i) {
- if ((p = strrchr(a, '/')) == NULL)
- p = a;
- *p = 0;
- strlcat(pr->anchor_call, "../",
- sizeof(pr->anchor_call));
- }
- if (strncmp(a, r->anchor->path, strlen(a))) {
- printf("pf_anchor_copyout: '%s' '%s'\n", a,
- r->anchor->path);
- rs_free(a);
- return (1);
- }
- if (strlen(r->anchor->path) > strlen(a))
- strlcat(pr->anchor_call, r->anchor->path + (a[0] ?
- strlen(a) + 1 : 0), sizeof(pr->anchor_call));
- rs_free(a);
- }
- if (r->anchor_wildcard)
- strlcat(pr->anchor_call, pr->anchor_call[0] ? "/*" : "*",
- sizeof(pr->anchor_call));
- return (0);
-}
-
-void
-pf_anchor_remove(struct pf_rule *r)
-{
- if (r->anchor == NULL)
- return;
- if (r->anchor->refcnt <= 0) {
- printf("pf_anchor_remove: broken refcount\n");
- r->anchor = NULL;
- return;
- }
- if (!--r->anchor->refcnt)
- pf_remove_if_empty_ruleset(&r->anchor->ruleset);
- r->anchor = NULL;
-}
-
Modified: trunk/freebsd-utils/debian/rules
===================================================================
--- trunk/freebsd-utils/debian/rules 2008-06-24 08:30:45 UTC (rev 2193)
+++ trunk/freebsd-utils/debian/rules 2008-06-24 08:31:54 UTC (rev 2194)
@@ -12,7 +12,7 @@
SHELL:=bash
PATH:=/usr/lib/freebsd:$(PATH)
-PMAKE=make COPTS="-D_GNU_SOURCE" NO_WERROR=1 NOGCCERROR=1 NOSHARED=NO NO_SHARED=NO
+PMAKE=make COPTS="-D_GNU_SOURCE -I$(CURDIR)" NO_WERROR=1 NOGCCERROR=1 NOSHARED=NO NO_SHARED=NO
export LDADD=-lbsd -lfreebsd
include /usr/share/cdbs/1/rules/debhelper.mk
@@ -35,7 +35,7 @@
done
build/net-tools:: apply-patches
- cp -p debian/pf_ruleset.c build-tree/src/sbin/pfctl/
+ cp -p pf_ruleset.c build-tree/src/sbin/pfctl/
set -e ; for i in sbin/{ifconfig,route,pfctl} usr.sbin/authpf \
; do \
$(PMAKE) -C $(DEB_SRCDIR)/$$i ; \
Added: trunk/freebsd-utils/net/if.h
===================================================================
--- trunk/freebsd-utils/net/if.h (rev 0)
+++ trunk/freebsd-utils/net/if.h 2008-06-24 08:31:54 UTC (rev 2194)
@@ -0,0 +1,428 @@
+
+/* This is a temp hack, until a new <net/if.h> is propagated into glibc */
+
+
+/*-
+ * Copyright (c) 1982, 1986, 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)if.h 8.1 (Berkeley) 6/10/93
+ * $FreeBSD: src/sys/net/if.h,v 1.108 2007/06/11 20:08:11 andre Exp $
+ */
+
+#ifndef _NET_IF_H_
+#define _NET_IF_H_
+
+#include <sys/cdefs.h>
+
+#include <features.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+struct ifnet;
+
+/*
+ * Length of interface external name, including terminating '\0'.
+ * Note: this is the same size as a generic device's external name.
+ */
+#define IF_NAMESIZE 16
+#define IFNAMSIZ IF_NAMESIZE
+#define IF_MAXUNIT 0x7fff /* historical value */
+
+/*
+ * Structure used to query names of interface cloners.
+ */
+
+struct if_clonereq {
+ int ifcr_total; /* total cloners (out) */
+ int ifcr_count; /* room for this many in user buffer */
+ char *ifcr_buffer; /* buffer for cloner names */
+};
+
+/*
+ * Structure describing information about an interface
+ * which may be of interest to management entities.
+ */
+struct if_data {
+ /* generic interface information */
+ unsigned char ifi_type; /* ethernet, tokenring, etc */
+ unsigned char ifi_physical; /* e.g., AUI, Thinnet, 10base-T, etc */
+ unsigned char ifi_addrlen; /* media address length */
+ unsigned char ifi_hdrlen; /* media header length */
+ unsigned char ifi_link_state; /* current link state */
+ unsigned char ifi_spare_char1; /* spare byte */
+ unsigned char ifi_spare_char2; /* spare byte */
+ unsigned char ifi_datalen; /* length of this data struct */
+ unsigned long ifi_mtu; /* maximum transmission unit */
+ unsigned long ifi_metric; /* routing metric (external only) */
+ unsigned long ifi_baudrate; /* linespeed */
+ /* volatile statistics */
+ unsigned long ifi_ipackets; /* packets received on interface */
+ unsigned long ifi_ierrors; /* input errors on interface */
+ unsigned long ifi_opackets; /* packets sent on interface */
+ unsigned long ifi_oerrors; /* output errors on interface */
+ unsigned long ifi_collisions; /* collisions on csma interfaces */
+ unsigned long ifi_ibytes; /* total number of octets received */
+ unsigned long ifi_obytes; /* total number of octets sent */
+ unsigned long ifi_imcasts; /* packets received via multicast */
+ unsigned long ifi_omcasts; /* packets sent via multicast */
+ unsigned long ifi_iqdrops; /* dropped on input, this interface */
+ unsigned long ifi_noproto; /* destined for unsupported protocol */
+ unsigned long ifi_hwassist; /* HW offload capabilities, see IFCAP */
+ time_t ifi_epoch; /* uptime at attach or stat reset */
+ struct timeval ifi_lastchange; /* time of last administrative change */
+};
+
+/*-
+ * Interface flags are of two types: network stack owned flags, and driver
+ * owned flags. Historically, these values were stored in the same ifnet
+ * flags field, but with the advent of fine-grained locking, they have been
+ * broken out such that the network stack is responsible for synchronizing
+ * the stack-owned fields, and the device driver the device-owned fields.
+ * Both halves can perform lockless reads of the other half's field, subject
+ * to accepting the involved races.
+ *
+ * Both sets of flags come from the same number space, and should not be
+ * permitted to conflict, as they are exposed to user space via a single
+ * field.
+ *
+ * The following symbols identify read and write requirements for fields:
+ *
+ * (i) if_flags field set by device driver before attach, read-only there
+ * after.
+ * (n) if_flags field written only by the network stack, read by either the
+ * stack or driver.
+ * (d) if_drv_flags field written only by the device driver, read by either
+ * the stack or driver.
+ */
+#define IFF_UP 0x1 /* (n) interface is up */
+#define IFF_BROADCAST 0x2 /* (i) broadcast address valid */
+#define IFF_DEBUG 0x4 /* (n) turn on debugging */
+#define IFF_LOOPBACK 0x8 /* (i) is a loopback net */
+#define IFF_POINTOPOINT 0x10 /* (i) is a point-to-point link */
+#define IFF_SMART 0x20 /* (i) interface manages own routes */
+#define IFF_DRV_RUNNING 0x40 /* (d) resources allocated */
+#define IFF_NOARP 0x80 /* (n) no address resolution protocol */
+#define IFF_PROMISC 0x100 /* (n) receive all packets */
+#define IFF_ALLMULTI 0x200 /* (n) receive all multicast packets */
+#define IFF_DRV_OACTIVE 0x400 /* (d) tx hardware queue is full */
+#define IFF_SIMPLEX 0x800 /* (i) can't hear own transmissions */
+#define IFF_LINK0 0x1000 /* per link layer defined bit */
+#define IFF_LINK1 0x2000 /* per link layer defined bit */
+#define IFF_LINK2 0x4000 /* per link layer defined bit */
+#define IFF_ALTPHYS IFF_LINK2 /* use alternate physical connection */
+#define IFF_MULTICAST 0x8000 /* (i) supports multicast */
+/* 0x10000 */
+#define IFF_PPROMISC 0x20000 /* (n) user-requested promisc mode */
+#define IFF_MONITOR 0x40000 /* (n) user-requested monitor mode */
+#define IFF_STATICARP 0x80000 /* (n) static ARP */
+#define IFF_NEEDSGIANT 0x100000 /* (i) hold Giant over if_start calls */
+
+/*
+ * Old names for driver flags so that user space tools can continue to use
+ * the old (portable) names.
+ */
+#ifndef _KERNEL
+#define IFF_RUNNING IFF_DRV_RUNNING
+#define IFF_OACTIVE IFF_DRV_OACTIVE
+#endif
+
+/* flags set internally only: */
+#define IFF_CANTCHANGE \
+ (IFF_BROADCAST|IFF_POINTOPOINT|IFF_DRV_RUNNING|IFF_DRV_OACTIVE|\
+ IFF_SIMPLEX|IFF_MULTICAST|IFF_ALLMULTI|IFF_SMART|IFF_PROMISC)
+
+/*
+ * Values for if_link_state.
+ */
+#define LINK_STATE_UNKNOWN 0 /* link invalid/unknown */
+#define LINK_STATE_DOWN 1 /* link is down */
+#define LINK_STATE_UP 2 /* link is up */
+
+/*
+ * Some convenience macros used for setting ifi_baudrate.
+ * XXX 1000 vs. 1024? --thorpej at netbsd.org
+ */
+#define IF_Kbps(x) ((x) * 1000) /* kilobits/sec. */
+#define IF_Mbps(x) (IF_Kbps((x) * 1000)) /* megabits/sec. */
+#define IF_Gbps(x) (IF_Mbps((x) * 1000)) /* gigabits/sec. */
+
+/*
+ * Capabilities that interfaces can advertise.
+ *
+ * struct ifnet.if_capabilities
+ * contains the optional features & capabilities a particular interface
+ * supports (not only the driver but also the detected hw revision).
+ * Capabilities are defined by IFCAP_* below.
+ * struct ifnet.if_capenable
+ * contains the enabled (either by default or through ifconfig) optional
+ * features & capabilities on this interface.
+ * Capabilities are defined by IFCAP_* below.
+ * struct if_data.ifi_hwassist in mbuf CSUM_ flag form, controlled by above
+ * contains the enabled optional feature & capabilites that can be used
+ * individually per packet and are specified in the mbuf pkthdr.csum_flags
+ * field. IFCAP_* and CSUM_* do not match one to one and CSUM_* may be
+ * more detailed or differenciated than IFCAP_*.
+ * Hwassist features are defined CSUM_* in sys/mbuf.h
+ */
+#define IFCAP_RXCSUM 0x0001 /* can offload checksum on RX */
+#define IFCAP_TXCSUM 0x0002 /* can offload checksum on TX */
+#define IFCAP_NETCONS 0x0004 /* can be a network console */
+#define IFCAP_VLAN_MTU 0x0008 /* VLAN-compatible MTU */
+#define IFCAP_VLAN_HWTAGGING 0x0010 /* hardware VLAN tag support */
+#define IFCAP_JUMBO_MTU 0x0020 /* 9000 byte MTU supported */
+#define IFCAP_POLLING 0x0040 /* driver supports polling */
+#define IFCAP_VLAN_HWCSUM 0x0080 /* can do IFCAP_HWCSUM on VLANs */
+#define IFCAP_TSO4 0x0100 /* can do TCP Segmentation Offload */
+#define IFCAP_TSO6 0x0200 /* can do TCP6 Segmentation Offload */
+#define IFCAP_LRO 0x0400 /* can do Large Receive Offload */
+
+#define IFCAP_HWCSUM (IFCAP_RXCSUM | IFCAP_TXCSUM)
+#define IFCAP_TSO (IFCAP_TSO4 | IFCAP_TSO6)
+
+#define IFQ_MAXLEN 50
+#define IFNET_SLOWHZ 1 /* granularity is 1 second */
+
+/*
+ * Message format for use in obtaining information about interfaces
+ * from getkerninfo and the routing socket
+ */
+struct if_msghdr {
+ unsigned short ifm_msglen; /* to skip over non-understood messages */
+ unsigned char ifm_version; /* future binary compatibility */
+ unsigned char ifm_type; /* message type */
+ int ifm_addrs; /* like rtm_addrs */
+ int ifm_flags; /* value of if_flags */
+ unsigned short ifm_index; /* index for associated ifp */
+ struct if_data ifm_data;/* statistics and other data about if */
+};
+
+/*
+ * Message format for use in obtaining information about interface addresses
+ * from getkerninfo and the routing socket
+ */
+struct ifa_msghdr {
+ unsigned short ifam_msglen; /* to skip over non-understood messages */
+ unsigned char ifam_version; /* future binary compatibility */
+ unsigned char ifam_type; /* message type */
+ int ifam_addrs; /* like rtm_addrs */
+ int ifam_flags; /* value of ifa_flags */
+ unsigned short ifam_index; /* index for associated ifp */
+ int ifam_metric; /* value of ifa_metric */
+};
+
+/*
+ * Message format for use in obtaining information about multicast addresses
+ * from the routing socket
+ */
+struct ifma_msghdr {
+ unsigned short ifmam_msglen; /* to skip over non-understood messages */
+ unsigned char ifmam_version; /* future binary compatibility */
+ unsigned char ifmam_type; /* message type */
+ int ifmam_addrs; /* like rtm_addrs */
+ int ifmam_flags; /* value of ifa_flags */
+ unsigned short ifmam_index; /* index for associated ifp */
+};
+
+/*
+ * Message format announcing the arrival or departure of a network interface.
+ */
+struct if_announcemsghdr {
+ unsigned short ifan_msglen; /* to skip over non-understood messages */
+ unsigned char ifan_version; /* future binary compatibility */
+ unsigned char ifan_type; /* message type */
+ unsigned short ifan_index; /* index for associated ifp */
+ char ifan_name[IFNAMSIZ]; /* if name, e.g. "en0" */
+ unsigned short ifan_what; /* what type of announcement */
+};
+
+#define IFAN_ARRIVAL 0 /* interface arrival */
+#define IFAN_DEPARTURE 1 /* interface departure */
+
+/*
+ * Interface request structure used for socket
+ * ioctl's. All interface ioctl's must have parameter
+ * definitions which begin with ifr_name. The
+ * remainder may be interface specific.
+ */
+struct ifreq {
+ char ifr_name[IFNAMSIZ]; /* if name, e.g. "en0" */
+ union {
+ struct sockaddr ifru_addr;
+ struct sockaddr ifru_dstaddr;
+ struct sockaddr ifru_broadaddr;
+ struct sockaddr ifru_netmask;
+ short ifru_flags[2];
+ short ifru_index;
+ int ifru_metric;
+ int ifru_mtu;
+ int ifru_phys;
+ int ifru_media;
+ char * ifru_data;
+ int ifru_cap[2];
+ } ifr_ifru;
+#define ifr_addr ifr_ifru.ifru_addr /* address */
+#define ifr_dstaddr ifr_ifru.ifru_dstaddr /* other end of p-to-p link */
+#define ifr_broadaddr ifr_ifru.ifru_broadaddr /* broadcast address */
+#define ifr_netmask ifr_ifru.ifru_netmask /* interface net mask */
+#define ifr_flags ifr_ifru.ifru_flags[0] /* flags (low 16 bits) */
+#define ifr_flagshigh ifr_ifru.ifru_flags[1] /* flags (high 16 bits) */
+#define ifr_metric ifr_ifru.ifru_metric /* metric */
+#define ifr_mtu ifr_ifru.ifru_mtu /* mtu */
+#define ifr_phys ifr_ifru.ifru_phys /* physical wire */
+#define ifr_media ifr_ifru.ifru_media /* physical media */
+#define ifr_data ifr_ifru.ifru_data /* for use by interface */
+#define ifr_reqcap ifr_ifru.ifru_cap[0] /* requested capabilities */
+#define ifr_curcap ifr_ifru.ifru_cap[1] /* current capabilities */
+#define ifr_index ifr_ifru.ifru_index /* interface index */
+};
+
+#define _SIZEOF_ADDR_IFREQ(ifr) \
+ ((ifr).ifr_addr.sa_len > sizeof(struct sockaddr) ? \
+ (sizeof(struct ifreq) - sizeof(struct sockaddr) + \
+ (ifr).ifr_addr.sa_len) : sizeof(struct ifreq))
+
+struct ifaliasreq {
+ char ifra_name[IFNAMSIZ]; /* if name, e.g. "en0" */
+ struct sockaddr ifra_addr;
+ struct sockaddr ifra_broadaddr;
+ struct sockaddr ifra_mask;
+};
+
+struct ifmediareq {
+ char ifm_name[IFNAMSIZ]; /* if name, e.g. "en0" */
+ int ifm_current; /* current media options */
+ int ifm_mask; /* don't care mask */
+ int ifm_status; /* media status */
+ int ifm_active; /* active options */
+ int ifm_count; /* # entries in ifm_ulist array */
+ int *ifm_ulist; /* media words */
+};
+
+struct ifdrv {
+ char ifd_name[IFNAMSIZ]; /* if name, e.g. "en0" */
+ unsigned long ifd_cmd;
+ size_t ifd_len;
+ void *ifd_data;
+};
+
+/*
+ * Structure used to retrieve aux status data from interfaces.
+ * Kernel suppliers to this interface should respect the formatting
+ * needed by ifconfig(8): each line starts with a TAB and ends with
+ * a newline. The canonical example to copy and paste is in if_tun.c.
+ */
+
+#define IFSTATMAX 800 /* 10 lines of text */
+struct ifstat {
+ char ifs_name[IFNAMSIZ]; /* if name, e.g. "en0" */
+ char ascii[IFSTATMAX + 1];
+};
+
+/*
+ * Structure used in SIOCGIFCONF request.
+ * Used to retrieve interface configuration
+ * for machine (useful for programs which
+ * must know all networks accessible).
+ */
+struct ifconf {
+ int ifc_len; /* size of associated buffer */
+ union {
+ char *ifcu_buf;
+ struct ifreq *ifcu_req;
+ } ifc_ifcu;
+#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */
+#define ifc_req ifc_ifcu.ifcu_req /* array of structures returned */
+};
+
+#if defined (__amd64__) || defined (COMPAT_32BIT)
+struct ifconf32 {
+ int ifc_len; /* size of associated buffer */
+ union {
+ unsigned int ifcu_buf;
+ unsigned int ifcu_req;
+ } ifc_ifcu;
+};
+#endif
+
+/*
+ * interface groups
+ */
+
+#define IFG_ALL "all" /* group contains all interfaces */
+/* XXX: will we implement this? */
+#define IFG_EGRESS "egress" /* if(s) default route(s) point to */
+
+struct ifg_req {
+ union {
+ char ifgrqu_group[IFNAMSIZ];
+ char ifgrqu_member[IFNAMSIZ];
+ } ifgrq_ifgrqu;
+#define ifgrq_group ifgrq_ifgrqu.ifgrqu_group
+#define ifgrq_member ifgrq_ifgrqu.ifgrqu_member
+};
+
+/*
+ * Used to lookup groups for an interface
+ */
+struct ifgroupreq {
+ char ifgr_name[IFNAMSIZ];
+ unsigned int ifgr_len;
+ union {
+ char ifgru_group[IFNAMSIZ];
+ struct ifg_req *ifgru_groups;
+ } ifgr_ifgru;
+#define ifgr_group ifgr_ifgru.ifgru_group
+#define ifgr_groups ifgr_ifgru.ifgru_groups
+};
+
+/*
+ * Structure for SIOC[AGD]LIFADDR
+ */
+struct if_laddrreq {
+ char iflr_name[IFNAMSIZ];
+ unsigned int flags;
+#define IFLR_PREFIX 0x8000 /* in: prefix given out: kernel fills id */
+ unsigned int prefixlen; /* in/out */
+ struct sockaddr_storage addr; /* in/out */
+ struct sockaddr_storage dstaddr; /* out */
+};
+
+struct if_nameindex {
+ unsigned int if_index; /* 1, 2, ... */
+ char *if_name; /* null terminated name: "le0", ... */
+};
+
+__BEGIN_DECLS
+void if_freenameindex(struct if_nameindex *);
+char *if_indextoname(unsigned int, char *);
+struct if_nameindex *if_nameindex(void);
+unsigned int if_nametoindex(const char *);
+__END_DECLS
+
+#endif /* !_NET_IF_H_ */
Copied: trunk/freebsd-utils/pf_ruleset.c (from rev 2192, trunk/freebsd-utils/debian/pf_ruleset.c)
===================================================================
--- trunk/freebsd-utils/pf_ruleset.c (rev 0)
+++ trunk/freebsd-utils/pf_ruleset.c 2008-06-24 08:31:54 UTC (rev 2194)
@@ -0,0 +1,512 @@
+
+/* This is a (temp) hack,
+
+ this file is concatenation of file
+
+ src/lib/libc/stdlib/strtonum.c
+ src/sys/contrib/pf/net/pf_ruleset.c
+
+ */
+
+
+/*-
+ * Copyright (c) 2004 Ted Unangst and Todd Miller
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $
+ */
+
+#include <sys/cdefs.h>
+/* __FBSDID("$FreeBSD: src/lib/libc/stdlib/strtonum.c,v 1.2 2006/03/14 19:53:03 ache Exp $"); */
+
+
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+
+#define INVALID 1
+#define TOOSMALL 2
+#define TOOLARGE 3
+
+long long
+strtonum(const char *numstr, long long minval, long long maxval,
+ const char **errstrp)
+{
+ long long ll = 0;
+ char *ep;
+ int error = 0;
+ struct errval {
+ const char *errstr;
+ int err;
+ } ev[4] = {
+ { NULL, 0 },
+ { "invalid", EINVAL },
+ { "too small", ERANGE },
+ { "too large", ERANGE },
+ };
+
+ ev[0].err = errno;
+ errno = 0;
+ if (minval > maxval)
+ error = INVALID;
+ else {
+ ll = strtoll(numstr, &ep, 10);
+ if (errno == EINVAL || numstr == ep || *ep != '\0')
+ error = INVALID;
+ else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
+ error = TOOSMALL;
+ else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
+ error = TOOLARGE;
+ }
+ if (errstrp != NULL)
+ *errstrp = ev[error].errstr;
+ errno = ev[error].err;
+ if (error)
+ ll = 0;
+
+ return (ll);
+}
+
+
+
+
+/* $OpenBSD: pf_ruleset.c,v 1.1 2006/10/27 13:56:51 mcbride Exp $ */
+
+/*
+ * Copyright (c) 2001 Daniel Hartmeier
+ * Copyright (c) 2002,2003 Henning Brauer
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ */
+
+
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <bsd/string.h>
+#ifdef _KERNEL
+# include <sys/systm.h>
+#endif /* _KERNEL */
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+
+#include <net/if.h>
+#include <net/pfvar.h>
+
+#ifdef INET6
+#include <netinet/ip6.h>
+#endif /* INET6 */
+
+
+#ifdef _KERNEL
+# define DPFPRINTF(format, x...) \
+ if (pf_status.debug >= PF_DEBUG_NOISY) \
+ printf(format , ##x)
+#ifdef __FreeBSD_kernel__
+#define rs_malloc(x) malloc(x, M_TEMP, M_NOWAIT)
+#else
+#define rs_malloc(x) malloc(x, M_TEMP, M_WAITOK)
+#endif
+#define rs_free(x) free(x, M_TEMP)
+
+#else
+/* Userland equivalents so we can lend code to pfctl et al. */
+
+# include <arpa/inet.h>
+# include <errno.h>
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# define rs_malloc(x) malloc(x)
+# define rs_free(x) free(x)
+
+# ifdef PFDEBUG
+# include <sys/stdarg.h>
+# define DPFPRINTF(format, x...) fprintf(stderr, format , ##x)
+# else
+# define DPFPRINTF(format, x...) ((void)0)
+# endif /* PFDEBUG */
+#endif /* _KERNEL */
+
+
+struct pf_anchor_global pf_anchors;
+struct pf_anchor pf_main_anchor;
+
+#ifndef __FreeBSD_kernel__
+/* XXX: hum? */
+int pf_get_ruleset_number(u_int8_t);
+void pf_init_ruleset(struct pf_ruleset *);
+int pf_anchor_setup(struct pf_rule *,
+ const struct pf_ruleset *, const char *);
+int pf_anchor_copyout(const struct pf_ruleset *,
+ const struct pf_rule *, struct pfioc_rule *);
+void pf_anchor_remove(struct pf_rule *);
+#endif
+
+static __inline int pf_anchor_compare(struct pf_anchor *, struct pf_anchor *);
+
+RB_GENERATE(pf_anchor_global, pf_anchor, entry_global, pf_anchor_compare);
+RB_GENERATE(pf_anchor_node, pf_anchor, entry_node, pf_anchor_compare);
+
+static __inline int
+pf_anchor_compare(struct pf_anchor *a, struct pf_anchor *b)
+{
+ int c = strcmp(a->path, b->path);
+
+ return (c ? (c < 0 ? -1 : 1) : 0);
+}
+
+int
+pf_get_ruleset_number(u_int8_t action)
+{
+ switch (action) {
+ case PF_SCRUB:
+ case PF_NOSCRUB:
+ return (PF_RULESET_SCRUB);
+ break;
+ case PF_PASS:
+ case PF_DROP:
+ return (PF_RULESET_FILTER);
+ break;
+ case PF_NAT:
+ case PF_NONAT:
+ return (PF_RULESET_NAT);
+ break;
+ case PF_BINAT:
+ case PF_NOBINAT:
+ return (PF_RULESET_BINAT);
+ break;
+ case PF_RDR:
+ case PF_NORDR:
+ return (PF_RULESET_RDR);
+ break;
+ default:
+ return (PF_RULESET_MAX);
+ break;
+ }
+}
+
+void
+pf_init_ruleset(struct pf_ruleset *ruleset)
+{
+ int i;
+
+ memset(ruleset, 0, sizeof(struct pf_ruleset));
+ for (i = 0; i < PF_RULESET_MAX; i++) {
+ TAILQ_INIT(&ruleset->rules[i].queues[0]);
+ TAILQ_INIT(&ruleset->rules[i].queues[1]);
+ ruleset->rules[i].active.ptr = &ruleset->rules[i].queues[0];
+ ruleset->rules[i].inactive.ptr = &ruleset->rules[i].queues[1];
+ }
+}
+
+struct pf_anchor *
+pf_find_anchor(const char *path)
+{
+ struct pf_anchor *key, *found;
+
+ key = (struct pf_anchor *)rs_malloc(sizeof(*key));
+ memset(key, 0, sizeof(*key));
+ strlcpy(key->path, path, sizeof(key->path));
+ found = RB_FIND(pf_anchor_global, &pf_anchors, key);
+ rs_free(key);
+ return (found);
+}
+
+struct pf_ruleset *
+pf_find_ruleset(const char *path)
+{
+ struct pf_anchor *anchor;
+
+ while (*path == '/')
+ path++;
+ if (!*path)
+ return (&pf_main_ruleset);
+ anchor = pf_find_anchor(path);
+ if (anchor == NULL)
+ return (NULL);
+ else
+ return (&anchor->ruleset);
+}
+
+struct pf_ruleset *
+pf_find_or_create_ruleset(const char *path)
+{
+ char *p, *q, *r;
+ struct pf_ruleset *ruleset;
+#ifdef __FreeBSD_kernel__
+ struct pf_anchor *anchor = NULL, *dup, *parent = NULL;
+#else
+ struct pf_anchor *anchor, *dup, *parent = NULL;
+#endif
+
+ if (path[0] == 0)
+ return (&pf_main_ruleset);
+ while (*path == '/')
+ path++;
+ ruleset = pf_find_ruleset(path);
+ if (ruleset != NULL)
+ return (ruleset);
+ p = (char *)rs_malloc(MAXPATHLEN);
+ bzero(p, MAXPATHLEN);
+ strlcpy(p, path, MAXPATHLEN);
+ while (parent == NULL && (q = strrchr(p, '/')) != NULL) {
+ *q = 0;
+ if ((ruleset = pf_find_ruleset(p)) != NULL) {
+ parent = ruleset->anchor;
+ break;
+ }
+ }
+ if (q == NULL)
+ q = p;
+ else
+ q++;
+ strlcpy(p, path, MAXPATHLEN);
+ if (!*q) {
+ rs_free(p);
+ return (NULL);
+ }
+ while ((r = strchr(q, '/')) != NULL || *q) {
+ if (r != NULL)
+ *r = 0;
+ if (!*q || strlen(q) >= PF_ANCHOR_NAME_SIZE ||
+ (parent != NULL && strlen(parent->path) >=
+ MAXPATHLEN - PF_ANCHOR_NAME_SIZE - 1)) {
+ rs_free(p);
+ return (NULL);
+ }
+ anchor = (struct pf_anchor *)rs_malloc(sizeof(*anchor));
+ if (anchor == NULL) {
+ rs_free(p);
+ return (NULL);
+ }
+ memset(anchor, 0, sizeof(*anchor));
+ RB_INIT(&anchor->children);
+ strlcpy(anchor->name, q, sizeof(anchor->name));
+ if (parent != NULL) {
+ strlcpy(anchor->path, parent->path,
+ sizeof(anchor->path));
+ strlcat(anchor->path, "/", sizeof(anchor->path));
+ }
+ strlcat(anchor->path, anchor->name, sizeof(anchor->path));
+ if ((dup = RB_INSERT(pf_anchor_global, &pf_anchors, anchor)) !=
+ NULL) {
+ printf("pf_find_or_create_ruleset: RB_INSERT1 "
+ "'%s' '%s' collides with '%s' '%s'\n",
+ anchor->path, anchor->name, dup->path, dup->name);
+ rs_free(anchor);
+ rs_free(p);
+ return (NULL);
+ }
+ if (parent != NULL) {
+ anchor->parent = parent;
+ if ((dup = RB_INSERT(pf_anchor_node, &parent->children,
+ anchor)) != NULL) {
+ printf("pf_find_or_create_ruleset: "
+ "RB_INSERT2 '%s' '%s' collides with "
+ "'%s' '%s'\n", anchor->path, anchor->name,
+ dup->path, dup->name);
+ RB_REMOVE(pf_anchor_global, &pf_anchors,
+ anchor);
+ rs_free(anchor);
+ rs_free(p);
+ return (NULL);
+ }
+ }
+ pf_init_ruleset(&anchor->ruleset);
+ anchor->ruleset.anchor = anchor;
+ parent = anchor;
+ if (r != NULL)
+ q = r + 1;
+ else
+ *q = 0;
+ }
+ rs_free(p);
+ return (&anchor->ruleset);
+}
+
+void
+pf_remove_if_empty_ruleset(struct pf_ruleset *ruleset)
+{
+ struct pf_anchor *parent;
+ int i;
+
+ while (ruleset != NULL) {
+ if (ruleset == &pf_main_ruleset || ruleset->anchor == NULL ||
+ !RB_EMPTY(&ruleset->anchor->children) ||
+ ruleset->anchor->refcnt > 0 || ruleset->tables > 0 ||
+ ruleset->topen)
+ return;
+ for (i = 0; i < PF_RULESET_MAX; ++i)
+ if (!TAILQ_EMPTY(ruleset->rules[i].active.ptr) ||
+ !TAILQ_EMPTY(ruleset->rules[i].inactive.ptr) ||
+ ruleset->rules[i].inactive.open)
+ return;
+ RB_REMOVE(pf_anchor_global, &pf_anchors, ruleset->anchor);
+ if ((parent = ruleset->anchor->parent) != NULL)
+ RB_REMOVE(pf_anchor_node, &parent->children,
+ ruleset->anchor);
+ rs_free(ruleset->anchor);
+ if (parent == NULL)
+ return;
+ ruleset = &parent->ruleset;
+ }
+}
+
+int
+pf_anchor_setup(struct pf_rule *r, const struct pf_ruleset *s,
+ const char *name)
+{
+ char *p, *path;
+ struct pf_ruleset *ruleset;
+
+ r->anchor = NULL;
+ r->anchor_relative = 0;
+ r->anchor_wildcard = 0;
+ if (!name[0])
+ return (0);
+ path = (char *)rs_malloc(MAXPATHLEN);
+ bzero(path, MAXPATHLEN);
+ if (name[0] == '/')
+ strlcpy(path, name + 1, MAXPATHLEN);
+ else {
+ /* relative path */
+ r->anchor_relative = 1;
+ if (s->anchor == NULL || !s->anchor->path[0])
+ path[0] = 0;
+ else
+ strlcpy(path, s->anchor->path, MAXPATHLEN);
+ while (name[0] == '.' && name[1] == '.' && name[2] == '/') {
+ if (!path[0]) {
+ printf("pf_anchor_setup: .. beyond root\n");
+ rs_free(path);
+ return (1);
+ }
+ if ((p = strrchr(path, '/')) != NULL)
+ *p = 0;
+ else
+ path[0] = 0;
+ r->anchor_relative++;
+ name += 3;
+ }
+ if (path[0])
+ strlcat(path, "/", MAXPATHLEN);
+ strlcat(path, name, MAXPATHLEN);
+ }
+ if ((p = strrchr(path, '/')) != NULL && !strcmp(p, "/*")) {
+ r->anchor_wildcard = 1;
+ *p = 0;
+ }
+ ruleset = pf_find_or_create_ruleset(path);
+ rs_free(path);
+ if (ruleset == NULL || ruleset->anchor == NULL) {
+ printf("pf_anchor_setup: ruleset\n");
+ return (1);
+ }
+ r->anchor = ruleset->anchor;
+ r->anchor->refcnt++;
+ return (0);
+}
+
+int
+pf_anchor_copyout(const struct pf_ruleset *rs, const struct pf_rule *r,
+ struct pfioc_rule *pr)
+{
+ pr->anchor_call[0] = 0;
+ if (r->anchor == NULL)
+ return (0);
+ if (!r->anchor_relative) {
+ strlcpy(pr->anchor_call, "/", sizeof(pr->anchor_call));
+ strlcat(pr->anchor_call, r->anchor->path,
+ sizeof(pr->anchor_call));
+ } else {
+ char *a, *p;
+ int i;
+
+ a = (char *)rs_malloc(MAXPATHLEN);
+ bzero(a, MAXPATHLEN);
+ if (rs->anchor == NULL)
+ a[0] = 0;
+ else
+ strlcpy(a, rs->anchor->path, MAXPATHLEN);
+ for (i = 1; i < r->anchor_relative; ++i) {
+ if ((p = strrchr(a, '/')) == NULL)
+ p = a;
+ *p = 0;
+ strlcat(pr->anchor_call, "../",
+ sizeof(pr->anchor_call));
+ }
+ if (strncmp(a, r->anchor->path, strlen(a))) {
+ printf("pf_anchor_copyout: '%s' '%s'\n", a,
+ r->anchor->path);
+ rs_free(a);
+ return (1);
+ }
+ if (strlen(r->anchor->path) > strlen(a))
+ strlcat(pr->anchor_call, r->anchor->path + (a[0] ?
+ strlen(a) + 1 : 0), sizeof(pr->anchor_call));
+ rs_free(a);
+ }
+ if (r->anchor_wildcard)
+ strlcat(pr->anchor_call, pr->anchor_call[0] ? "/*" : "*",
+ sizeof(pr->anchor_call));
+ return (0);
+}
+
+void
+pf_anchor_remove(struct pf_rule *r)
+{
+ if (r->anchor == NULL)
+ return;
+ if (r->anchor->refcnt <= 0) {
+ printf("pf_anchor_remove: broken refcount\n");
+ r->anchor = NULL;
+ return;
+ }
+ if (!--r->anchor->refcnt)
+ pf_remove_if_empty_ruleset(&r->anchor->ruleset);
+ r->anchor = NULL;
+}
+
More information about the Glibc-bsd-commits
mailing list